Upgrading ESXi 6.5 to ESXi 6.7 with ESXCLI

Upgrading ESXi 6.5 to ESXi 6.7 with ESXCLI

Here is a quick article on upgrading VMWare ESXi Hypervisor. In this instance I’m upgrading from version 6.5.0 to 6.7.0. This is largely based on the article found here. I’m just filling in the blanks for some issues that I had.

First up, enable SSH on the Host and configure your preferred SSH client. Click on Host, choose Actions > Services > Enable Secure Shell (SSH).

Now place the Host into maintenance mode. To do this shut down any running Virtual Machine’s otherwise it will fail. Either turn maintenance mode on from the web interface as seen in the screenshot above or by command line using the following command.

[root@localhost:~] vim-cmd /hostsvc/maintenance_mode_enter

While in the interface ensure that your swap space has an associated datastore. You can do this by going to your Host, then choose Manage > Swap and then edit the datastore field to point to a datastore with available space.

Next, login to the ESXi server and configure a firewall rule to allow you to download the necessary software.

[root@localhost:~] esxcli network firewall ruleset set -e true -r httpClient

We’ll be reversing all of the above operations when we’re done. It’s very important to remember to do that for the security of the appliance.

This is where my instructions change from the original. I had to configure a DNS server even though I already had a DNS configured in the GUI.

[root@localhost:~] esxcli network ip dns server add --server=8.8.8.8

Using the esxcli command set search for the appropriate filename. The correct version ends with -standard.

[root@localhost:~] esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep ESXi-6.7

As of this post the current version is ESXi-6.7.0-8169922-standard (1/20/2019). Use the command below to upgrade the ESXi server. This will probably take a few minutes.

[root@localhost:~] esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.7.0-8169922-standard

Finally, reboot the server.

[root@localhost:~] reboot

Run the following command to disable the firewall rule. Then disable SSH and exit Maintenance Mode.

[root@localhost:~] esxcli network firewall ruleset set -e false -r httpClient

Additional Resources

vSphere Command-Line Interface Documentation

The Purpose of This Blog

The Purpose of This Blog

“I think I need an outlet”, is what I was thinking to myself as I a wrote the title of this blog post. When I say, “outlet”, I mean an outlet for my thoughts. I guess if you’re into Information Security then that you’ll enjoy many of those thoughts.

My name is Justin and I have been a Security Operations Analyst for the last 2 years. Primarily in a Blue Team function with a little bit of vulnerability management, Python development, and data loss prevention sprinkled in. I’ve also held various other roles in the Technology industry including Service Desk/Desktop Support and Application Development. Of the 15 years that I’ve spent in the Tech industry approximately 5 of that was in leadership roles.

So what kind of posts can you expect? Probably some opinion pieces, a healthy number of technical information posts, and maybe even some off-topic posts about my other interests. I’m also looking to write more in 2019 so I figure this is the best platform for me.

Enjoy your stay!

Due Diligence vs Due Care

Due Diligence vs Due Care

An important concept in the CISSP exam is that of due care and due diligence. The two concepts are often confused and used interchangeably, however related, they are not the same. Let’s go through and discuss the two concepts individually, and then we’ll discuss the concepts in how they relate to IT Security.

Due Care

Due Care, in very simple terms, is doing the “right” thing, or doing what a reasonable person would do in a given situation. Here is a simple example. You’re renting an apartment and you notice that your faucet is leaking. So as a reasonable person you take due care and report it before it gets worse. If due care is not taken, you may be at fault if it breaks.

Due Diligence

Due diligence is an action created out of due care, and is described as “the management of due care.” Example. It’s been a week since you reported the leaky faucet (due care) and it’s still broken. You follow-up with to verify that it gets done (due diligence).

In The Context of Security

Let’s give an example that might apply in an enterprise environment. You’re a Vulnerability Assessment Analyst and you run a vulnerability scan on your environment. You discover 150 workstations are out of date on their patching. As per process, you submit a request to have those machines updated with up-to-date patches (due care). As a CISSP you know that due care is only half of your responsibility. A week later you run another vulnerability scan and determine that all systems have been patched (due diligence). So not only are you doing your part as a responsible vulnerability officer, but you’re also following up to ensure that due care was taken by the patching team. (Due care for the Patcher is to keep the workstations up-to-date with the latest patches. But if you were able to find out of date patches then are they really taking due care?)

As you’ve probably figured out due care and due diligence are very important legal concepts that span many Industries.